5 Best Linux VPN Services for 2016

If you care even slightly about privacy, you should use Linux rather than a commercial desktop Operating System (OS) such as Microsoft Windows or Apple OSX. Linux comes in various flavors (known as “distros”), but almost all of them are free and open source software (FOSS). Of course, if you use Linux, it is essential that protect yourself with a good Linux VPN!

Linux distros are usually much more secure than their commercial rivals. And unlike them, do not send vast reams of personal data back to their parent companies. This makes Linux an ideal OS for the security or privacy conscious user (which since you are reading this article on a VPN website, I’m sure includes you!).

Linux is used as the primary OS on only a relatively small number of desktop computers, although it is the most popular OS used for servers. Fortunately, because Linux is favored by exactly the kind of privacy-heads who use VPNs, the OS is fairly well-supported by VPN providers.

In many cases, this support simply comes in the form of good setup support for the generic open source Linux client. But some providers offer their own fully-featured custom Linux software (or something in between)…

Thanks to its tech-heavy focus and lack of customer service skills, AirVPN is not a hit with the average VPN user. This is a big shame, as not only does AirVPN really care about its customers’ privacy, but it is the clear market leader when it comes to privacy technology. Its open source GUI Linux client (“Eddie”) is identical to the Windows and OSX versions.

Like AirVPN, this small Swedish provider really cares about its users’ privacy. It even accepts anonymous cash payments sent by post! It also provides Linux users with a full version of its GUI desktop client. This protects Linux VPN connections with a firewall based kill switch and DNS leak protection, and allows port forwarding. In fact, the Mullvad client is the only VPN software I am aware of properly route IPv6 DNS requests (even AirVPN only disables IPv6).

It hardly needs saying that Mullvad keeps no logs at all, and it now uses strong encryption. The main drawback, however, is that Mullvad runs servers in only a very limited number locations in Europe and the US (with no UK server).

ExpressVPN

4.2/5

PROS

Linux client (command line)

No usage logs

30-day money back guarantee

3 simultaneous connections

Servers in 78 countries

CONS

Connection logs

A bit pricey

ExpressVPN is a popular VPN service thanks to great 24/7 customer service, easy-to-use software, and a 30-day no quibbles money back guarantee that actually does what it promises. It also offers server end-points in an impressive 87 different countries.

Linux users are not as well catered for as users of other Operating Systems, but ExpressVPN does at least provide a basic custom Linux VPN client. It is Terminal command-line only, but works well, and is simple enough to use. The Ubuntu 64-bit version works just fine for me Mint. Update: The ExpressVPN Linux client now features DNS leak protection.

PrivateInternetAccess

4/5

PROS

No logs (at all)

5 simultaneous connections

Accepts Bitcoins

P2P: yes

CONS

No free trial

US based company

There was a time when PIA was the darling of the VPN world among privacy fans. So-so customer service and a variety of technical issues have removed a little of the shine, but Private Internet Access still provides a very impressive service. It keeps no logs at all, permits up to 5 devices to connect simultaneously, and yearly subscriptions are ridiculously cheap.

Linux support is limited to providing a script that automates installation and configuration of the generic open source OpenVPN client. This is way better than nothing, but you do gain none of the advanced features available to users of PIA’s Windows and Mac OSX clients. Although PIA states that its Linux script is for Ubuntu, it also works without problem in Mint (and probably in most other Linux distros).

Edit: Thanks to a comment from reader Nigel H, I downloaded the PIA Linux/Ubuntu software again (using Mint). It has the same GUI as the Windows application. I don’t know whether this is new, or is something somehow I missed when writing this article, but it does mean that when I next update this piece I will rank PIA higher than its current position.

IVPN

3.7/5

IVPN is a new entry to our 5 Best lists. Based in Gibraltar, IVPN impresses us with blazing fast connection speeds, a great attitude to privacy (no logs at all), and rock-solid encryption. I am somewhat dubious about the value of its double-hop VPN feature, but others may find it interesting. Those wanting servers in more exotic locations, however, should look elsewhere.

IVPN does not provide any dedicated Linux software, but caters to Linux users with excellent Linux VPN tutorials for the open source OpenVPN client (using either NetworkManager GUI or Terminal).

VPNs for Linux Distros Considerations

There are a ridiculously large number of Linux Distros out there, often catering to very specialized requirements. Secure Linux distributions such as Tails are a good example of this, but their strong focus on security make them rather too specialized for a day-to-day use a “Windows replacement” OS.

Although some compromises are made, popular Linux versions such as Linux Ubuntu and Linux Mint are still much more secure than Windows, and do not phone home.

The AirVPN client for Linux (“Eddie”) is identical to its fully featured Windows and OSX siblings

It is probably worth noting here that Ubuntu caused a fair amount of alarm among privacy activists thanks to a number of “features” that leaked users’ data to third party advertisers, most notably to Amazon. Thankfully, these adware “features” have been turned off by default from Ubuntu 16.04 LTS onward.

Custom Linux VPN clients

If you have read the VPN summaries above, you will likely have noticed that only AirVPN and Mullvad (edit: and PIA) offer full custom VPN software for Linux systems. In both cases, these clients are open source, and by some not very surprising co-incidence, AirVPN and Mullvad are also two of my personal favorite VPN services.

At the time of writing, these are the only VPN providers I know of to offer such software. Others may exist, but if so, they have not otherwise come to my attention as offering great Linux VPN services.

The advantage of using custom Linux VPN software is that it provides users with valuable advanced features such as DNS leak protection and a kill switch

ExpressVPN’s command line client is a much simpler affair.

The open source OpenVPN client

The open source OpenVPN package for Linux from OpenVPN Technologies is a fine piece of software, and works very well. Most VPN providers who do not support Linux with custom VPN clients, but many do provide detailed setup guides for configuring the generic OpenVPN Linux client for their service.

Most such guides are specifically aimed at Ubuntu/Debian users, but assuming that you are familiar with using your favorite brand of Linux, you should not have much difficulty getting things to work correctly in other distros.

It is worth noting that even when a provider does not provide any Linux support, its OpenVPN configuration files can almost certainly be used with the open source OpenVPN Linux client. This means that you should be able to use any VPN service that supports OpenVPN (almost all of them) with your Linux system.

The downside of using the generic client with this is that you do not benefit from advanced features such as DNS leak protection and a kill switch, which can be often found in custom software. The good news is that those familiar iptables should have no problem creating their own firewall rules to ensure that no connections are permitted outside the VPN.

VPN inside a Linux Virtual Machine

In addition to acting as a replacement desktop OS,the Linux Operating System works very well when run inside a Virtual Machine (VM) such as Oracle VM VirtualBox. This can help to shield your “real” OS from viruses and suchlike picked up on the internet. It can also help to foil fingerprinting and other forms of online tracking, as you can simply turn the VM off (and therefore reset your entire OS back to its default settings) at the end of a session.

With reference to VPNs, running a Linux VPN inside a Linux Virtual Machine can useful for two things:

Faux split-tunneling

You can run a Linux VPN inside the VM, but not on your main OS. This allows you to use your primary OS to visit websites were you do not want to hide your real IP. But for website you do want to hide your IP (or otherwise protect yourself, such as when P2P torrenting), you use the Virtual Machine.

This configuration allows you to readily access services that refuse to play ball with VPN users, for example, if you are a US resident and wish to access US Netflix. It is also great for those worried about their real ID becoming associated with their VPN account when they use services such as Google and Facebook.

Double-hop VPN

You can connect to a Linux VPN inside the Virtual Machine, and a VPN in your primary OS. This can be done to completely different VPN services, and can help to obfuscate your VPN “trail”, as an adversary would need to trace you back through 2 (or more)* separate VPN servers and/or services.

*In theory you can run multiple VMs nested inside other VMs to achieve a multi-hop VPN configuration. In practice, I have never managed to get a VM to run inside another VM.

Note that if you connect to a VPN using your primary OS, but do not use a VPN inside the VM, your internet connection will route through the VPN. This means that when browsing inside the Linux Virtual Machine, your IP address will be that of the VPN server your primary OS is connected to.

Conclusion

If you want the full GUI VPN experience in Linux, then AirVPN and Mullvad are pretty much your only good Linux VPN options. This is hardly a problem, however, as these are both great services! Users of other VPN services need not worry too much, however, as the open source OpenVPN Linux VPN client works very well.

If you really want bells and whistles such as DNS leak protection and a firewall-based kill switch, then this can be done using iptables. As a Linux user, I’m sure that you are no stranger to rolling up your sleeves and tinkering in order to get things working just as you like them!

So… I downloaded the PIA Linux/Ubuntu software again (using Mint), and it does indeed have the same GUI as the Windows application. I don’t know whether this is new, or is something somehow I missed when writing this article, but it does mean that when I next update this piece I will rank PIA higher than its current position. Thanks for bringing this to my attention. I have made a couple of edits in order to include this information.

I’m afraid that I don’t really understand what you mean by “vpn is an option with tor.” It is certainly possible to use VPN and Tor together. Ubuntu did come bundled with adware/malware, but this has been made opt-in, so is much less of a concern.